Tuesday, May 25, 2010

Botnet Rentals Cheap for Less-Skilled Individuals

Botnets are available for hire for as little as $8.94 per hour, emphasising how little financial muscle or technical expertise is needed to carry out attacks, according to VeriSign iDefense.

The cybersecurity intellgence arm of VeriSign said on Monday that it carried out an online investigation into 25 botnet operators in February, targeting botnet services advertised on three web forums. The study found that hourly botnet rental pricing started at $8.94 (£6.04), while the average price for a 24-hour rental — the sample mean of the highest and lowest advertised prices — was $67.20.

The services advertised a number of attack vectors, including ICMP, SYN, UDP, HTTP, HTTPS and Data. The botnet operators plied their wares via the same techniques as legitimate businesses, such as via forums and banner ads. One botnet operator offered a pricing structure for the takedown of sites that had anti-attack measures installed.

While those masterminding criminal operations involving botnets have in the past often been technical experts, the trend is towards the hiring of botnet services by less-skilled individuals, according to VeriSign. This allows a wider range of cybercriminals to launch attacks designed to shut down a targeted company's systems or to spread malicious software, it noted.

"While these attacks are becoming increasingly sophisticated, the criminals targeting your business may not be," said VeriSign iDefense director of intelligence Rick Howard in a statement.

That trend surfaced in March with the arrest of three men accused of operating the massive Mariposa botnet. Unlike many underground hackers, the alleged ringleaders of the operation were not skilled programmers, but had contacts who were, authorities said.

The Mariposa botnet, believed to have been composed of 12.7 million PCs that stole credit card and bank log-in data and infected computers in half of the Fortune 1000 companies and more than 40 banks.

[...]

The world's largest botnet, Zeus, had its traffic disrupted by repeated disconnections of a Kazakhstani ISP in March, but a series of reconnections revived its activity, security researchers have said. The botnet mainly pushes out the Zeus banking Trojan, an information-stealing keylogger that relays sensitive data back to its controllers.